Implanted medical devices: A hacker’s playground?

I was recently reading the morning newspaper and came across an article about a pacemaker and an insulin pump being hacked. While the idea was initially shocking, the story behind the motive was really intriguing.

The hacker, a diabetic who had been using an insulin pump for several years, noticed that the device was vulnerable to attacks from outsiders -- a fact that put his health at risk. Given the industry's reluctance to implement greater security assurance features in these devices, the man was eager to prove the folly of this oversight. The hacker was in fact trying to catch the attention of the medical community to raise awareness around the need for better security on these devices. He caught my attention!

Security is one of the major challenges the healthcare market will face as people's lives depend on safe and reliable products and services. Little by little, people have grown to accept the idea of wearing devices designed to monitor certain vitals: sport watches, monitoring bracelets, heart rate monitors, activity monitors. These tools offer valuable information, but would not harm an individual if they were to malfunction.

On the other hand, medical devices like pacemakers, automated defibrillators, neural implants, and drug delivery systems are potentially life-sustaining. Right now, cardiovascular disease is one of the leading causes of death and disease worldwide. If the predictions of the World Health Organization are true, we can expect a rapid growth of these diseases in the coming years. In such an environment, it is likely that heart monitors will become more prevalent, assigned to healthy people as well as the unhealthy so that acute complications can be prevented.

As this use grows, more people and their valuable medical information are put at risk. For example, in the future, it's feasible that you will have a programmed implantable chip containing your medical history.

At first consideration, this might seem unnecessary, but picture yourself in an emergency situation when you're incapable of communicating your clinical history. With the chip, doctors could easily and readily get a handle on your personal medication, allergies and therapies from the implanted device.

The balance between privacy and security is critical, but the question remains: how much security is enough? Medical device OEMs, international regulation agencies like the FDA, and technologists are all aware of this, and efforts are slowly being made for future-generation devices.

In my next blog I will write more about security and how it affects some important features like battery life. It's my hope that real hackers (unlike the user in this case making a point) will never be successful, but as a good doctor would say: "Prevention is always better."

José Fernández Villaseñor, a medical doctor and electrical engineer, is a medical product marketer in Freescale's microcontroller group. He has more than eight years of experience working on automotive, industrial, and medical engineering systems and applications as well as semiconductor product development.